]>
git.ipfire.org Git - people/pmueller/ipfire-2.x.git/log
Peter Müller [Sun, 29 Apr 2018 08:09:10 +0000 (10:09 +0200)]
update ca-certificates CA bundle
Update the CA certificates list to what Mozilla NSS ships currently
(some Turktrust root CAs have been dropped).
The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Sat, 5 May 2018 16:01:53 +0000 (18:01 +0200)]
core121: fix typo fileslist -> filelist
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 5 May 2018 15:49:44 +0000 (17:49 +0200)]
set pakfire core back to 120
this should set to 121 when the updated is finished to ensure that
testers that has installed a test build install core121 again.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 5 May 2018 07:14:42 +0000 (09:14 +0200)]
Merge branch 'kernel-4.14' into next
Arne Fitzenreiter [Thu, 3 May 2018 13:37:39 +0000 (15:37 +0200)]
kernel: update to 4.14.39
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 2 May 2018 09:39:38 +0000 (11:39 +0200)]
u-boot: enable HUSH_PARSER for Iomega iConnect
without this if ... then ... else is not supported.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 2 May 2018 09:38:23 +0000 (11:38 +0200)]
u-boot: remove useless rootwait double
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 30 Apr 2018 10:26:30 +0000 (12:26 +0200)]
kernel: update to 4.14.38
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 30 Apr 2018 10:26:10 +0000 (11:26 +0100)]
core121: Add filelist
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Sun, 29 Apr 2018 21:09:08 +0000 (23:09 +0200)]
u-boot: update rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 29 Apr 2018 07:48:29 +0000 (09:48 +0200)]
kernel: disable crng unseeded use message spamming
there was a bug until 4.14.36 that this message are not printed at all
now it work and spam the log at boot.
For security it is is a nightmare to use unseeded random but we and the user
cannot do anything. This is work for platform maintainers to get the crng
working earlier.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 28 Apr 2018 08:24:16 +0000 (10:24 +0200)]
u-boot-kirkwood: add u-boot build for kirkwood
This file build IPFire (dtb, bootz) compatible versions for:
Marvell DreamPlug
Iomega iConnect Wireless
Raidsonic ICY-Box 62x0
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 28 Apr 2018 07:09:00 +0000 (09:09 +0200)]
Merge remote-tracking branch 'origin/core120' into kernel-4.14
Arne Fitzenreiter [Sat, 28 Apr 2018 07:01:52 +0000 (09:01 +0200)]
kernel: update to 4.14.37
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 28 Apr 2018 06:51:01 +0000 (08:51 +0200)]
u-boot: update buildscript
enable wandboard
update ident strings
distclean after every target
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Thu, 26 Apr 2018 19:44:56 +0000 (21:44 +0200)]
remove forgotten Nagios files, if any
When we decided to drop Nagios, some files were not removed on the
installations. Since the package does not exist anymore, "pakfire remove
nagios" does not work so we need to clean them up manually in case they
exist.
The third version of this patch makes sure Apache is restarted
afterwards, and includes some forgotten files [sic] as well as it is
now applying for Core Update 121.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Thu, 26 Apr 2018 15:06:51 +0000 (17:06 +0200)]
Start Core Update 121
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Thu, 26 Apr 2018 15:31:46 +0000 (17:31 +0200)]
BUG:11312 Fix renaming GeoIP groups
When renaming a GeoIP Group, the corresponding names in
firewallrules (if any) are not changed accordingly. Now
when changing a GeoIP Group the firewallrules are renamed
correctly.
Slightly improved first version of this patch (contained
a blank line with trailing whitespace). No functionality
changed, patch has been confirmed as working correctly.
Fixes: #11312
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 24 Apr 2018 13:25:55 +0000 (14:25 +0100)]
core120: Regenerate IPsec configuration
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 19 Apr 2018 14:36:37 +0000 (15:36 +0100)]
Revert "IPsec: Try to restart always-on tunnels immediately"
This reverts commit
a261cb06c6cdd3ba14ad0163c8c9e714ae94fc5b .
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 24 Apr 2018 11:34:53 +0000 (12:34 +0100)]
dma: Apply compile fix
dma segfaulted when built without string.h.
Fixes: #11701
Submitted upstream: https://github.com/corecode/dma/pull/58
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 24 Apr 2018 11:34:53 +0000 (12:34 +0100)]
dma: Apply compile fix
dma segfaulted when built without string.h.
Fixes: #11701
Submitted upstream: https://github.com/corecode/dma/pull/58
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 23 Apr 2018 14:17:00 +0000 (16:17 +0200)]
improve error message if make.sh is executed by non-root user
Fixes #11706.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 24 Apr 2018 10:04:34 +0000 (11:04 +0100)]
Drop noip updater
This package is unused since we introduced ddns. Dropped.
Fixes: #11708
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 24 Apr 2018 09:47:16 +0000 (10:47 +0100)]
ipsec: Open ports in outgoing direction
When the firewall policy is blocked, no outgoing IPsec connections
can be established. That is slightly counter-intuitive since we
open ports in the incoming direction automatically.
Fixes: #11704
Reported-by: Oliver Fuhrer <oliver.fuhrer@bluewin.ch>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Ersan Yildirim [Tue, 24 Apr 2018 09:46:52 +0000 (10:46 +0100)]
Fix mistakes in Turkish translation
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 22 Apr 2018 11:38:11 +0000 (13:38 +0200)]
clamav 0.100.0: Add missing update for rootfile
This is missing in https://patchwork.ipfire.org/patch/1722/
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sat, 21 Apr 2018 16:44:45 +0000 (18:44 +0200)]
update ClamAV to 0.100.0
Update ClamAV to 0.100.0, which brings some new features and bugfixes
(release notes are available here: https://blog.clamav.net/2018/04/clamav-01000-has-been-released.html).
Since the internal LLVM code is now deprecated and disabled by default,
patching clamav/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
does not seem to be necessary anymore.
Further, the --disable-zlib-vcheck option has been removed since it
produces warnings during compilation.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Sun, 22 Apr 2018 08:24:36 +0000 (10:24 +0200)]
leds: dreamplug: the blue led has wrong name in dtb
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 22 Apr 2018 08:16:37 +0000 (10:16 +0200)]
leds: rename dreamplug leds for new kernel
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Fri, 20 Apr 2018 08:52:30 +0000 (10:52 +0200)]
kernel: update to 4.14.35
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 19 Apr 2018 16:42:27 +0000 (18:42 +0200)]
iw: update to 4.14
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 19 Apr 2018 16:42:03 +0000 (18:42 +0200)]
crda: update to 3.18
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Thu, 19 Apr 2018 14:38:20 +0000 (15:38 +0100)]
squid-accounting: Do not make menu entry executable
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 19 Apr 2018 14:37:58 +0000 (15:37 +0100)]
squid-accounting: Do not make translations executable
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 19 Apr 2018 14:37:28 +0000 (15:37 +0100)]
squid-accounting: Install Turkish translation
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 19 Apr 2018 14:36:37 +0000 (15:36 +0100)]
Revert "IPsec: Try to restart always-on tunnels immediately"
This reverts commit
a261cb06c6cdd3ba14ad0163c8c9e714ae94fc5b .
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Wed, 18 Apr 2018 04:11:15 +0000 (06:11 +0200)]
kernel: i586 enable cs5535 gpio module
this modul is needed for alix led support
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 17 Apr 2018 12:50:02 +0000 (13:50 +0100)]
wio: Translation files do not need to be executable
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 17 Apr 2018 12:49:41 +0000 (13:49 +0100)]
wio: Actually install Turkish translation
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Tue, 17 Apr 2018 10:20:15 +0000 (12:20 +0200)]
firstsetup: fix disabling tty's on scon mode
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Ersan Yildirim [Tue, 17 Apr 2018 08:47:48 +0000 (09:47 +0100)]
Update Turkish translation and add translation for WIO and squid accounting
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Tue, 17 Apr 2018 04:10:06 +0000 (06:10 +0200)]
grub: update to 2.02
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 16 Apr 2018 16:15:12 +0000 (18:15 +0200)]
u-boot: fix typo in startscript
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 16 Apr 2018 16:12:24 +0000 (18:12 +0200)]
acpid: start also if kernel has no acpi support.
acpid is also needed for gpio and hid powerbuttons if there is no
real acpi support.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 14 Apr 2018 16:45:02 +0000 (18:45 +0200)]
Merge branch 'kernel-5.14' of git.ipfire.org:/pub/git/people/arne_f/ipfire-2.x into kernel-4.14
Arne Fitzenreiter [Sat, 14 Apr 2018 16:42:52 +0000 (18:42 +0200)]
screen: build before elfutils
if it buils after elfutils it links against libelf which is an addon
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 14 Apr 2018 16:42:00 +0000 (18:42 +0200)]
acpid: build also on arm
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 14 Apr 2018 14:14:31 +0000 (16:14 +0200)]
bump packages
the old packages are linked against removed libs
fixes: 11685
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 14 Apr 2018 14:14:31 +0000 (16:14 +0200)]
bump packages
the old packages are linked against removed libs
fixes: 11685
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 12 Apr 2018 15:17:08 +0000 (17:17 +0200)]
kernel: update to 4.14.34
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 12 Apr 2018 14:21:20 +0000 (16:21 +0200)]
flash-images: merge normal and scon to one image.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Wolfgang Apolinarski [Fri, 6 Apr 2018 05:11:03 +0000 (07:11 +0200)]
Updated Apache 2.4
- Updated Apache from 2.4.29 to 2.4.33
- Updated Apr from 1.6.1 to 1.6.3
- Updated Apr-Util from 1.6.0 to 1.6.1
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Fri, 6 Apr 2018 11:48:19 +0000 (13:48 +0200)]
beep 1.3: Fixes for CVE-2018-0492
For details see:
https://src.fedoraproject.org/cgit/rpms/beep.git
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-0492
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Wed, 11 Apr 2018 17:39:48 +0000 (19:39 +0200)]
kernel: update to 4.14.33
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 11 Apr 2018 16:36:57 +0000 (18:36 +0200)]
kernel: update config
disable isdn
disable audit
disable profiling on arm
disable scsi driver on arm
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 9 Apr 2018 20:25:53 +0000 (22:25 +0200)]
Merge branch 'master' into core120
Michael Tremer [Mon, 9 Apr 2018 10:36:46 +0000 (11:36 +0100)]
core120: Update OepnVPN configurations for PMTU changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 9 Apr 2018 10:32:07 +0000 (11:32 +0100)]
OpenVPN: Drop Path MTU discovery settings
These have to be dropped since the entire system does not
support Path MTU discovery any more. This should not have
any disadvantage on any tunnels since PMTU didn't really
work in the first place.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Mon, 9 Apr 2018 07:52:46 +0000 (07:52 +0000)]
kernel: fix kirkwood config
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 4 Apr 2018 19:38:24 +0000 (21:38 +0200)]
core120: don't (re)move old packfire/gpg databases
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 3 Apr 2018 18:13:34 +0000 (20:13 +0200)]
Merge branch 'master' into core119
Michael Tremer [Tue, 3 Apr 2018 16:34:24 +0000 (17:34 +0100)]
core120: Update pakfire keystore
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 3 Apr 2018 16:33:04 +0000 (17:33 +0100)]
core120: Ship changed pakfire files
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 3 Apr 2018 16:31:50 +0000 (17:31 +0100)]
pakfire: Store key material in own directory
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Thu, 5 Apr 2018 07:15:32 +0000 (09:15 +0200)]
u-boot: update bootscript to boot from other devices than mmc
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 3 Apr 2018 18:15:58 +0000 (20:15 +0200)]
Merge remote-tracking branch 'origin/master' into kernel-4.14
Arne Fitzenreiter [Mon, 2 Apr 2018 15:11:45 +0000 (17:11 +0200)]
Merge remote-tracking branch 'origin/core120' into kernel-4.14
Arne Fitzenreiter [Mon, 2 Apr 2018 14:56:02 +0000 (16:56 +0200)]
Merge branch 'master' into core119
Michael Tremer [Mon, 2 Apr 2018 14:50:09 +0000 (15:50 +0100)]
curl: Drop old compatibility symlink
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 2 Apr 2018 14:48:50 +0000 (15:48 +0100)]
curl: Rootfile update
Main library was missing
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 2 Apr 2018 14:46:31 +0000 (15:46 +0100)]
core120: Import new pakfire keys
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 2 Apr 2018 14:07:56 +0000 (15:07 +0100)]
pakfire: Import old key, too
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 2 Apr 2018 14:06:02 +0000 (15:06 +0100)]
pakfire: Rename new key to pakfire-2018.key
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 2 Apr 2018 14:45:48 +0000 (15:45 +0100)]
pakfire: Validate signatures when multiple are available
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Mon, 2 Apr 2018 09:22:19 +0000 (11:22 +0200)]
core120: add pakfire script to updater
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 1 Apr 2018 14:15:27 +0000 (16:15 +0200)]
kernel: update to 4.14.32
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 31 Mar 2018 08:02:01 +0000 (10:02 +0200)]
openssl: update rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 31 Mar 2018 07:56:48 +0000 (09:56 +0200)]
kernel: x86_64 rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Fri, 30 Mar 2018 14:39:02 +0000 (16:39 +0200)]
kernel: x86_64 enable DEVFREQ modules
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Fri, 30 Mar 2018 08:26:01 +0000 (10:26 +0200)]
Merge remote-tracking branch 'origin/master' into kernel-4.14
Arne Fitzenreiter [Fri, 30 Mar 2018 08:21:49 +0000 (10:21 +0200)]
kernel: update to 4.14.31
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Fri, 30 Mar 2018 07:35:28 +0000 (09:35 +0200)]
Merge branch 'core119' into next
Arne Fitzenreiter [Fri, 30 Mar 2018 07:25:06 +0000 (09:25 +0200)]
core120: set pafire version to 120
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Thu, 29 Mar 2018 12:49:44 +0000 (13:49 +0100)]
Rootfile update
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 28 Mar 2018 15:55:18 +0000 (16:55 +0100)]
pakfire: Use upstream proxy for HTTPS, too
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Wed, 28 Mar 2018 03:41:50 +0000 (05:41 +0200)]
use protocol defined in server-list.db for mirror communication
For each mirror server, a protocol can be specified in the
server-list.db database. However, it was not used for the
actual URL query to a mirror before.
This might be useful for deploy HTTPS pinning for Pakfire.
If a mirror is known to support HTTPS, all queries to it
will be made with this protocol.
This saves some overhead if HTTPS is enforced on a mirror
via 301 redirects. To enable this, the server-list.db
needs to be adjusted.
The second version of this patch only handles protocols
HTTP and HTTPS, since we do not expect anything else here
at the moment.
Partially fixes #11661.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 28 Mar 2018 15:39:35 +0000 (16:39 +0100)]
unbound: Fix crash on startup
Zone names should not be terminated with a dot.
Fixes: #11689
Reported-by: Pontus Larsson <pontuslarsson51@yahoo.se>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 28 Mar 2018 10:22:06 +0000 (11:22 +0100)]
Rootfile update for curl
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 27 Mar 2018 19:56:31 +0000 (20:56 +0100)]
asterisk: Ship documentation
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 27 Mar 2018 19:53:31 +0000 (20:53 +0100)]
fetchmail: Permit building without SSLv3
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 27 Mar 2018 15:05:07 +0000 (16:05 +0100)]
openssl: Update to 1.0.2o
CVE-2018-0739 (OpenSSL advisory) [Moderate severity] 27 March 2018:
Constructed ASN.1 types with a recursive definition (such as can be
found in PKCS7) could eventually exceed the stack given malicious
input with excessive recursion. This could result in a Denial Of
Service attack. There are no such structures used within SSL/TLS
that come from untrusted sources so this is considered safe.
Reported by OSS-fuzz.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 27 Mar 2018 14:59:04 +0000 (15:59 +0100)]
openssl: Update to 1.1.0h
CVE-2018-0739 (OpenSSL advisory) [Moderate severity] 27 March 2018:
Constructed ASN.1 types with a recursive definition (such as can be
found in PKCS7) could eventually exceed the stack given malicious
input with excessive recursion. This could result in a Denial Of
Service attack. There are no such structures used within SSL/TLS
that come from untrusted sources so this is considered safe.
Reported by OSS-fuzz.
This patch also entirely removes support for SSLv3. The patch to
disable it didn't apply and since nobody has been using this before,
we will not compile it into OpenSSL any more.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 26 Mar 2018 18:04:41 +0000 (19:04 +0100)]
core120: Ship updated QoS script and gnupg
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Mon, 26 Mar 2018 17:50:30 +0000 (19:50 +0200)]
Fix typo in 'makeqosscripts.pl'
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sat, 24 Mar 2018 15:45:02 +0000 (16:45 +0100)]
curl: update to 7.59.0
Update curl to 7.59.0 which fixes a number of bugs and
some minor security issues.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sat, 24 Mar 2018 15:32:53 +0000 (16:32 +0100)]
gnupg: update to 1.4.22
Update GnuPG to 1.4.22, which fixes some security vulnerabilities,
such as the memory side channel attack CVE-2017-7526.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Mon, 26 Mar 2018 05:29:51 +0000 (07:29 +0200)]
xr819-firmware: move rootfile to common
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 25 Mar 2018 14:13:35 +0000 (16:13 +0200)]
kernel: update to 4.14.30
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 25 Mar 2018 11:27:03 +0000 (13:27 +0200)]
xr819-firmware: add firmware for xradio xr-819 wlan
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>